During normal operations the roles and the possible incompatibility of the roles of the users have to be taken into account beside business efficiency. The protection of the integrity of information created by business processes is only possible with continuous auditing and regular security related finetuning.